version 1.6, 2007/03/12 14:37:28 |
version 1.22, 2009/05/18 00:41:53 |
|
|
.\" |
.\" |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" |
.\" |
.Dd February 2, 2007 |
.Dd May 18, 2009 |
.Dt SYSCTL 7 |
.Dt SYSCTL 7 |
.Os |
.Os |
.Sh NAME |
.Sh NAME |
Line 74 The top level names are defined with a C |
|
Line 74 The top level names are defined with a C |
|
and are as follows. |
and are as follows. |
The next and subsequent levels down are found in the include files |
The next and subsequent levels down are found in the include files |
listed here, and described in separate sections below. |
listed here, and described in separate sections below. |
.Bl -column securityXX CTLXSECURITYXX "Next level namesXX" |
.Bl -column security CTL_SECURITY "Next level names" "High kernel limits" |
.It Sy Name Constant Next level names Description |
.It Sy Name Constant Next level names Description |
.It kern CTL\_KERN sys/sysctl.h High kernel limits |
.It kern CTL_KERN sys/sysctl.h High kernel limits |
.It vm CTL\_VM uvm/uvm_param.h Virtual memory |
.It vm CTL_VM uvm/uvm_param.h Virtual memory |
.It vfs CTL\_VFS sys/mount.h Filesystem |
.It vfs CTL_VFS sys/mount.h Filesystem |
.It net CTL\_NET sys/socket.h Networking |
.It net CTL_NET sys/socket.h Networking |
.It debug CTL\_DEBUG sys/sysctl.h Debugging |
.It debug CTL_DEBUG sys/sysctl.h Debugging |
.It hw CTL\_HW sys/sysctl.h Generic CPU, I/O |
.It hw CTL_HW sys/sysctl.h Generic CPU, I/O |
.It machdep CTL\_MACHDEP sys/sysctl.h Machine dependent |
.It machdep CTL_MACHDEP sys/sysctl.h Machine dependent |
.It user CTL\_USER sys/sysctl.h User-level |
.It user CTL_USER sys/sysctl.h User-level |
.It ddb CTL\_DDB sys/sysctl.h In-kernel debugger |
.It ddb CTL_DDB sys/sysctl.h In-kernel debugger |
.It proc CTL\_PROC sys/sysctl.h Per-process |
.It proc CTL_PROC sys/sysctl.h Per-process |
.It vendor CTL\_VENDOR ? Vendor specific |
.It vendor CTL_VENDOR ? Vendor specific |
.It emul CTL\_EMUL sys/sysctl.h Emulation settings |
.It emul CTL_EMUL sys/sysctl.h Emulation settings |
.It security CTL\_SECURITY sys/sysctl.h Security settings |
.It security CTL_SECURITY sys/sysctl.h Security settings |
.El |
.El |
.Sh The debug.* subtree |
.Sh The debug.* subtree |
The debugging variables vary from system to system. |
The debugging variables vary from system to system. |
Line 152 The string and integer information avail |
|
Line 152 The string and integer information avail |
|
level is detailed below. |
level is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "Second level nameXXXXXX" "struct disk_sysctlXXX" -offset indent |
.Bl -column "hw.acpi.supported_states" "integer" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
|
.It hw.acpi.supported_states string no |
.It hw.alignbytes integer no |
.It hw.alignbytes integer no |
.It hw.byteorder integer no |
.It hw.byteorder integer no |
.It hw.cnmagic string yes |
.It hw.cnmagic string yes |
Line 171 privilege may change the value. |
|
Line 172 privilege may change the value. |
|
.El |
.El |
.Pp |
.Pp |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
|
.It Li hw.acpi.support_states |
|
List of possible |
|
.Tn ACPI |
|
sleep states. |
|
The list can contain the following values: |
|
.Bl -tag -width XS1X |
|
.It S0 |
|
fully running |
|
.It S1 |
|
power on suspend (CPU and hard disks are off) |
|
.It S2 |
|
similar to S3, usually not implemented |
|
.It S3 |
|
suspend-to-RAM |
|
.It S4 |
|
suspend-to-disk (needs BIOS support) |
|
.It S5 |
|
power off |
|
.El |
.It Li hw.alignbytes ( HW_ALIGNBYTES ) |
.It Li hw.alignbytes ( HW_ALIGNBYTES ) |
Alignment constraint for all possible data types. |
Alignment constraint for all possible data types. |
This shows the value |
This shows the value |
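Review bot: The new description entry is tagged ".It Li hw.acpi.support_states", but the table row and the -column width string added earlier in this change spell the variable "hw.acpi.supported_states". One of the two is wrong; make the .It Li tag match the name the table uses so the entry can be found by searching for the variable. Minor: the S2 text ("similar to S3") refers to a state that is only defined in the following item, so either describe S2 on its own terms or say "see S3 below".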
Line 215 The machine CPU class. |
|
Line 235 The machine CPU class. |
|
The machine model. |
The machine model. |
.It Li hw.ncpu ( HW_NCPU ) |
.It Li hw.ncpu ( HW_NCPU ) |
The number of CPUs. |
The number of CPUs. |
.ne 1i |
|
.It Li hw.pagesize ( HW_PAGESIZE ) |
.It Li hw.pagesize ( HW_PAGESIZE ) |
The software page size. |
The software page size. |
.It Li hw.physmem ( HW_PHYSMEM ) |
.It Li hw.physmem ( HW_PHYSMEM ) |
Line 237 The types of data currently available ar |
|
Line 256 The types of data currently available ar |
|
system vnodes, the open file entries, routing table entries, |
system vnodes, the open file entries, routing table entries, |
virtual memory statistics, load average history, and clock rate |
virtual memory statistics, load average history, and clock rate |
information. |
information. |
.Bl -column "kern.posix_reader_writer_locks" "struct clockrateXXX" -offset indent |
.Bl -column "kern.posix_reader_writer_locks" "struct kinfo_drivers" "not applicable" |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
.It kern.argmax integer no |
.It kern.argmax integer no |
.It kern.autonicetime integer yes |
.It kern.autonicetime integer yes |
|
|
.It kern.ccpu integer no |
.It kern.ccpu integer no |
.It kern.clockrate struct clockinfo no |
.It kern.clockrate struct clockinfo no |
.It kern.consdev integer no |
.It kern.consdev integer no |
.It kern.cp\_id struct no |
.It kern.cp_id struct no |
.It kern.cp\_time uint64_t[\|] no |
.It kern.cp_time uint64_t[\|] no |
.It kern.defcorename string yes |
.It kern.defcorename string yes |
.It kern.domainname string yes |
.It kern.domainname string yes |
.It kern.drivers struct kinfo_drivers no |
.It kern.drivers struct kinfo_drivers no |
|
|
.It kern.forkfsleep integer yes |
.It kern.forkfsleep integer yes |
.It kern.fscale integer no |
.It kern.fscale integer no |
.It kern.fsync integer no |
.It kern.fsync integer no |
.It kern.hardclock\_ticks integer no |
.It kern.hardclock_ticks integer no |
.It kern.hostid integer yes |
.It kern.hostid integer yes |
.It kern.hostname string yes |
.It kern.hostname string yes |
.It kern.iov\_max integer no |
.It kern.iov_max integer no |
.It kern.job\_control integer no |
.It kern.job_control integer no |
.It kern.labeloffset integer no |
.It kern.labeloffset integer no |
.It kern.labelsector integer no |
.It kern.labelsector integer no |
.It kern.login\_name\_max integer no |
.It kern.login_name_max integer no |
.It kern.logsigexit integer yes |
.It kern.logsigexit integer yes |
.It kern.mapped\_files integer no |
.It kern.mapped_files integer no |
.It kern.maxfiles integer yes |
.It kern.maxfiles integer yes |
.It kern.maxpartitions integer no |
.It kern.maxpartitions integer no |
.It kern.maxphys integer no |
.It kern.maxphys integer no |
|
|
.It kern.maxvnodes integer yes |
.It kern.maxvnodes integer yes |
.It kern.mbuf node not applicable |
.It kern.mbuf node not applicable |
.It kern.memlock integer no |
.It kern.memlock integer no |
.It kern.memlock\_range integer no |
.It kern.memlock_range integer no |
.It kern.memory\_protection integer no |
.It kern.memory_protection integer no |
.It kern.monotonic\_clock integer no |
.It kern.monotonic_clock integer no |
.It kern.msgbuf integer no |
.It kern.msgbuf integer no |
.It kern.msgbufsize integer no |
.It kern.msgbufsize integer no |
.It kern.ngroups integer no |
.It kern.ngroups integer no |
|
|
.It kern.ostype string no |
.It kern.ostype string no |
.It kern.pipe node not applicable |
.It kern.pipe node not applicable |
.It kern.posix1 integer no |
.It kern.posix1 integer no |
.It kern.posix\_barriers integer no |
.It kern.posix_barriers integer no |
.It kern.posix\_reader\_writer\_locks integer no |
.It kern.posix_reader_writer_locks integer no |
.It kern.posix\_semaphores integer no |
.It kern.posix_semaphores integer no |
.It kern.posix\_spin\_locks integer no |
.It kern.posix_spin_locks integer no |
.It kern.posix\_threads integer no |
.It kern.posix_threads integer no |
.It kern.posix\_timers integer no |
.It kern.posix_timers integer no |
.It kern.proc struct kinfo_proc no |
.It kern.proc struct kinfo_proc no |
.It kern.proc2 struct kinfo_proc2 no |
.It kern.proc2 struct kinfo_proc2 no |
.It kern.proc\_args string no |
.It kern.proc_args string no |
.It kern.prof node not applicable |
.It kern.prof node not applicable |
.It kern.rawpartition integer no |
.It kern.rawpartition integer no |
.It kern.root\_device string no |
.It kern.root_device string no |
.It kern.root\_partition integer no |
.It kern.root_partition integer no |
.It kern.rtc\_offset integer yes |
.It kern.rtc_offset integer yes |
.It kern.saved\_ids integer no |
.It kern.saved_ids integer no |
.It kern.securelevel integer raise only |
.It kern.securelevel integer raise only |
.It kern.synchronized\_io integer no |
.It kern.synchronized_io integer no |
.It kern.ipc node not applicable |
.It kern.ipc node not applicable |
|
.It kern.timecounter node not applicable |
.It kern.timex struct no |
.It kern.timex struct no |
.It kern.tkstat node not applicable |
.It kern.tkstat node not applicable |
.It kern.urandom integer no |
.It kern.urandom integer no |
.It kern.version string no |
.It kern.version string no |
.It kern.vnode struct vnode no |
.It kern.vnode struct vnode no |
.El |
.El |
.ne 1i |
|
.Pp |
|
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li kern.argmax ( KERN_ARGMAX ) |
.It Li kern.argmax ( KERN_ARGMAX ) |
The maximum bytes of argument to |
The maximum bytes of argument to |
Line 468 structures in the networking code, see |
|
Line 486 structures in the networking code, see |
|
The third level names for the mbuf variables are detailed below. |
The third level names for the mbuf variables are detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.mbuf.nmbclusters" "struct integerXXX" -offset indent |
.Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Type Changeable |
.\" XXX Changeable? really? |
.\" XXX Changeable? really? |
.It kern.mbuf.mblowat integer yes |
.It kern.mbuf.mblowat integer yes |
|
|
The third level names for the integer pipe settings is detailed below. |
The third level names for the integer pipe settings is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.pipe.maxbigpipesXXX" "integerXXX" -offset indent |
.Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Type Changeable |
.It kern.pipe.kvasiz integer yes |
.It kern.pipe.kvasiz integer yes |
.It kern.pipe.maxbigpipes integer yes |
.It kern.pipe.maxbigpipes integer yes |
|
|
structures is returned, |
structures is returned, |
whose size depends on the current number of such objects in the system. |
whose size depends on the current number of such objects in the system. |
The third and fourth level numeric names are as follows: |
The third and fourth level numeric names are as follows: |
.Bl -column "Third level nameXXXXXX" "Fourth level is:XXXXXX" -offset indent |
.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent |
.It Sy Third level name Fourth level is: |
.It Sy Third level name Fourth level is: |
.It KERN\_PROC\_ALL None |
.It KERN_PROC_ALL None |
.It KERN\_PROC\_GID A group ID |
.It KERN_PROC_GID A group ID |
.It KERN\_PROC\_PID A process ID |
.It KERN_PROC_PID A process ID |
.It KERN\_PROC\_PGRP A process group |
.It KERN_PROC_PGRP A process group |
.It KERN\_PROC\_RGID A real group ID |
.It KERN_PROC_RGID A real group ID |
.It KERN\_PROC\_RUID A real user ID |
.It KERN_PROC_RUID A real user ID |
.It KERN\_PROC\_SESSION A session ID |
.It KERN_PROC_SESSION A session ID |
.It KERN\_PROC\_TTY A tty device |
.It KERN_PROC_TTY A tty device |
.It KERN\_PROC\_UID A user ID |
.It KERN_PROC_UID A user ID |
.El |
.El |
.It Li kern.proc2 ( KERN_PROC2 ) |
.It Li kern.proc2 ( KERN_PROC2 ) |
As for KERN_PROC, but an array of |
As for KERN_PROC, but an array of |
|
|
Multiple strings are returned separated by NUL characters. |
Multiple strings are returned separated by NUL characters. |
The third level name is the process ID. |
The third level name is the process ID. |
The fourth level name is as follows: |
The fourth level name is as follows: |
.Bl -column "Third level nameXXXXXX" -offset indent |
.Bl -column "KERN_PROG_NARGV" "The number of environ strings" -offset indent |
.It KERN\_PROC\_ARGV The argv strings |
.It KERN_PROC_ARGV The argv strings |
.It KERN\_PROC\_ENV The environ strings |
.It KERN_PROC_ENV The environ strings |
.It KERN\_PROC\_NARGV The number of argv strings |
.It KERN_PROC_NARGV The number of argv strings |
.It KERN\_PROC\_NENV The number of environ strings |
.It KERN_PROC_NENV The number of environ strings |
.El |
.El |
.It Li kern.profiling ( KERN_PROF ) |
.It Li kern.profiling ( KERN_PROF ) |
Return profiling information about the kernel. |
Return profiling information about the kernel. |
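Review bot: The replacement width string in the kern.proc_args list reads "KERN_PROG_NARGV" (PROG, not PROC), while every item in that list is KERN_PROC_*. It has the same length as the real name, so the rendering is unaffected, but it should be "KERN_PROC_NARGV" to avoid someone copying a constant that does not exist. Also, the widest first-column entry visible here is KERN_PROC_NARGV/KERN_PROC_NENV, so that choice of width string is otherwise fine.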
Line 650 The third level names for the string and |
|
Line 668 The third level names for the string and |
|
is detailed below. |
is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" -offset indent |
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Type Changeable |
.It kern.profiling.count u_short[\|] yes |
.It kern.profiling.count u_short[\|] yes |
.It kern.profiling.froms u_short[\|] yes |
.It kern.profiling.froms u_short[\|] yes |
|
|
.It Li kern.ipc ( KERN_SYSVIPC ) |
.It Li kern.ipc ( KERN_SYSVIPC ) |
Return information about the SysV IPC parameters. |
Return information about the SysV IPC parameters. |
The third level names for the ipc variables are detailed below. |
The third level names for the ipc variables are detailed below. |
.Bl -column "KERN_SYSVIPC_MSGXXX" "integerXXX" "noXXX" -offset indent |
.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Type Changeable |
.It kern.ipc.sysvmsg integer no |
.It kern.ipc.sysvmsg integer no |
.It kern.ipc.sysvsem integer no |
.It kern.ipc.sysvsem integer no |
.It kern.ipc.sysvshm integer no |
.It kern.ipc.sysvshm integer no |
.It kern.ipc.sysvipc_info struct no |
.It kern.ipc.sysvipc_info struct no |
.It kern.ipc.shmmax integer no |
.It kern.ipc.shmmax integer yes |
.It kern.ipc.shmmni integer yes |
.It kern.ipc.shmmni integer yes |
.It kern.ipc.shmseg integer yes |
.It kern.ipc.shmseg integer yes |
.It kern.ipc.shmmaxpgs integer yes |
.It kern.ipc.shmmaxpgs integer yes |
.It kern.ipc.shm_use_phys integer yes |
.It kern.ipc.shm_use_phys integer yes |
|
.It kern.ipc.msgmni integer yes |
|
.It kern.ipc.msgseg integer yes |
|
.It kern.ipc.semmni integer yes |
|
.It kern.ipc.semmns integer yes |
|
.It kern.ipc.semmnu integer yes |
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li kern.ipc.sysvmsg ( KERN_SYSVIPC_MSG ) |
.It Li kern.ipc.sysvmsg ( KERN_SYSVIPC_MSG ) |
|
|
.It Li kern.ipc.sysvipc_info ( KERN_SYSVIPC_INFO ) |
.It Li kern.ipc.sysvipc_info ( KERN_SYSVIPC_INFO ) |
Return System V style IPC configuration and run-time information. |
Return System V style IPC configuration and run-time information. |
The fourth level name selects the System V style IPC facility. |
The fourth level name selects the System V style IPC facility. |
.Bl -column "KERN_SYSVIPC_MSG_INFOXXX" "struct shm_sysctl_infoXXX" -offset indent |
.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent |
.It Sy Fourth level name Type |
.It Sy Fourth level name Type |
.It KERN\_SYSVIPC\_MSG\_INFO struct msg_sysctl_info |
.It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info |
.It KERN\_SYSVIPC\_SEM\_INFO struct sem_sysctl_info |
.It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info |
.It KERN\_SYSVIPC\_SHM\_INFO struct shm_sysctl_info |
.It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info |
.El |
.El |
.Pp |
.Pp |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
Line 771 Max amount of shared memory in pages. |
|
Line 794 Max amount of shared memory in pages. |
|
Locking of shared memory in physical memory. |
Locking of shared memory in physical memory. |
If 0, memory can be swapped |
If 0, memory can be swapped |
out, otherwise it will be locked in physical memory. |
out, otherwise it will be locked in physical memory. |
|
.It Li kern.ipc.msgmni |
|
Max number of message queue identifiers. |
|
.It Li kern.ipc.msgseg |
|
Max number of number of message segments. |
|
.It Li kern.ipc.semmni |
|
Max number of number of semaphore identifiers. |
|
.It Li kern.ipc.semmns |
|
Max number of number of semaphores in system. |
|
.It Li kern.ipc.semmnu |
|
Max number of undo structures in system. |
|
.El |
|
.It Li kern.timecounter ( dynamic ) |
|
Display and control the timecounter source of the system. |
|
.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent |
|
.It Sy Third level name Type Changeable |
|
.It kern.timecounter.choice string no |
|
.It kern.timecounter.hardware string yes |
|
.It kern.timecounter.timestepwarnings integer yes |
|
.El |
|
.Pp |
|
The variables are as follows: |
|
.Bl -tag -width "123456" |
|
.It Li kern.timecounter.choice ( dynamic ) |
|
The list of available timecounters with their quality and frequency. |
|
.It Li kern.timecounter.hardware ( dynamic ) |
|
The currently selected timecounter source. |
|
.It Li kern.timecounter.timestepwarnings ( dynamic ) |
|
If non-zero display a message each time the time is stepped. |
.El |
.El |
.It Li kern.timex ( KERN_TIMEX ) |
.It Li kern.timex ( KERN_TIMEX ) |
Not available. |
Not available. |
|
|
The third level names for the tty statistic variables are detailed below. |
The third level names for the tty statistic variables are detailed below. |
The changeable column shows whether a process |
The changeable column shows whether a process |
with appropriate privilege may change the value. |
with appropriate privilege may change the value. |
.Bl -column "KERNXTKSTATXRAWCCXXX" "struct integerXXX" -offset indent |
.Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Type Changeable |
.It kern.tkstat.cancc quad no |
.It kern.tkstat.cancc quad no |
.It kern.tkstat.nin quad no |
.It kern.tkstat.nin quad no |
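Review bot: Three of the new kern.ipc descriptions repeat a phrase: kern.ipc.msgseg, kern.ipc.semmni and kern.ipc.semmns all read "Max number of number of ...". Drop the duplicated "number of" so they match kern.ipc.msgmni and kern.ipc.semmnu. In the kern.timecounter.timestepwarnings text, "If non-zero display a message" wants a comma after "non-zero", and it would help to say where the message is displayed.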
Line 868 Same syntax as kern.defcorename. |
|
Line 919 Same syntax as kern.defcorename. |
|
.Sh The machdep.* subtree |
.Sh The machdep.* subtree |
The set of variables defined is architecture dependent. |
The set of variables defined is architecture dependent. |
Most architectures define at least the following variables. |
Most architectures define at least the following variables. |
.Bl -column "CONSOLE_DEVICEXXX" "integerXXX" -offset indent |
.Bl -column "Second level name" "Type" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
.It Li CPU_CONSDEV dev_t no |
.It Li CPU_CONSDEV dev_t no |
.El |
.El |
Line 880 The changeable column shows whether a pr |
|
Line 931 The changeable column shows whether a pr |
|
privilege may change the value. |
privilege may change the value. |
The second and third levels are typically the protocol family and |
The second and third levels are typically the protocol family and |
protocol number, though this is not always the case. |
protocol number, though this is not always the case. |
.Bl -column "Second level nameX" "IPsec key management valuesX" -offset indent |
.Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
.It net.route routing messages no |
.It net.route routing messages no |
.It net.inet IPv4 values yes |
.It net.inet IPv4 values yes |
Line 901 The third level name is a protocol numbe |
|
Line 952 The third level name is a protocol numbe |
|
The fourth level name is an address family, which may be set to 0 to |
The fourth level name is an address family, which may be set to 0 to |
select all address families. |
select all address families. |
The fifth and sixth level names are as follows: |
The fifth and sixth level names are as follows: |
.Bl -column "Fifth level nameXXXXXX" "Sixth level is:XXX" -offset indent |
.Bl -column "Fifth level name" "Sixth level is:" -offset indent |
.It Sy Fifth level name Sixth level is: |
.It Sy Fifth level name Sixth level is: |
.It NET\_RT\_FLAGS rtflags |
.It NET_RT_FLAGS rtflags |
.It NET\_RT\_DUMP None |
.It NET_RT_DUMP None |
.It NET\_RT\_IFLIST None |
.It NET_RT_IFLIST None |
.El |
.El |
.It Li net.inet ( PF_INET ) |
.It Li net.inet ( PF_INET ) |
Get or set various global information about the IPv4 |
Get or set various global information about the IPv4 |
Line 913 Get or set various global information ab |
|
Line 964 Get or set various global information ab |
|
The third level name is the protocol. |
The third level name is the protocol. |
The fourth level name is the variable name. |
The fourth level name is the variable name. |
The currently defined protocols and names are: |
The currently defined protocols and names are: |
.Bl -column "Protocol name" "sack.globalmaxholes" "integer" -offset 4n |
.Bl -column "Protocol name" "sack.globalmaxholes" "integer" "Changeable" -offset 4n |
.It Sy Protocol name Variable name Type Changeable |
.It Sy Protocol name Variable name Type Changeable |
.It arp down integer yes |
.It arp down integer yes |
.It arp keep integer yes |
.It arp keep integer yes |
Line 937 The currently defined protocols and name |
|
Line 988 The currently defined protocols and name |
|
.It ip forwsrcrt integer yes |
.It ip forwsrcrt integer yes |
.It ip gifttl integer yes |
.It ip gifttl integer yes |
.It ip grettl integer yes |
.It ip grettl integer yes |
|
.It ip hashsize integer yes |
.It ip hostzerobroadcast integer yes |
.It ip hostzerobroadcast integer yes |
.It ip lowportmin integer yes |
.It ip lowportmin integer yes |
.It ip lowportmax integer yes |
.It ip lowportmax integer yes |
Line 968 The currently defined protocols and name |
|
Line 1020 The currently defined protocols and name |
|
.It tcp keepintvl integer yes |
.It tcp keepintvl integer yes |
.It tcp keepcnt integer yes |
.It tcp keepcnt integer yes |
.It tcp slowhz integer no |
.It tcp slowhz integer no |
|
.It tcp keepinit integer yes |
.It tcp log_refused integer yes |
.It tcp log_refused integer yes |
.It tcp rstppslimit integer yes |
.It tcp rstppslimit integer yes |
.It tcp ident struct no |
.It tcp ident struct no |
|
.It tcp drop struct no |
.It tcp sack.enable integer yes |
.It tcp sack.enable integer yes |
.It tcp sack.globalholes integer no |
.It tcp sack.globalholes integer no |
.It tcp sack.globalmaxholes integer yes |
.It tcp sack.globalmaxholes integer yes |
Line 1060 tunnel interface. |
|
Line 1114 tunnel interface. |
|
The maximum time-to-live (hop count) value for an IPv4 packet generated by |
The maximum time-to-live (hop count) value for an IPv4 packet generated by |
.Xr gre 4 |
.Xr gre 4 |
tunnel interface. |
tunnel interface. |
|
.It Li ip.hashsize |
|
The size of IPv4 Fast Forward hash table. |
|
This value must be a power of 2 (64, 256...). |
|
A larger hash table size results in fewer collisions. |
|
Also see |
|
.Li ip.maxflows . |
.It Li ip.hostzerobroadcast |
.It Li ip.hostzerobroadcast |
All zeroes address is broadcast address. |
All zeroes address is broadcast address. |
.It Li ip.lowportmax |
.It Li ip.lowportmax |
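Review bot: The new ip.hashsize entry states that the value "must be a power of 2" but does not say what happens when it is set to something else (rejected with an error, rounded, or accepted as is). Since the table marks the variable as changeable, please document the behaviour for an invalid value. The entry also points at ip.maxflows; check that ip.maxflows has a description of its own in this page, otherwise the cross reference leads nowhere.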
Line 1177 another probe is sent. |
|
Line 1237 another probe is sent. |
|
See also tcp.slowhz. |
See also tcp.slowhz. |
.It Li tcp.log_refused |
.It Li tcp.log_refused |
If set to 1, refused TCP connections to the host will be logged. |
If set to 1, refused TCP connections to the host will be logged. |
|
.It Li tcp.keepinit |
|
Timeout in seconds during connection establishment. |
.It Li tcp.mss_ifmtu |
.It Li tcp.mss_ifmtu |
If set to 1, TCP calculates the outgoing maximum segment size based on |
If set to 1, TCP calculates the outgoing maximum segment size based on |
the MTU of the appropriate interface. |
the MTU of the appropriate interface. |
Line 1189 us during connection setup or Path MTU D |
|
Line 1251 us during connection setup or Path MTU D |
|
.Li ( ip.mtudisc ) |
.Li ( ip.mtudisc ) |
is disabled. |
is disabled. |
Do not change this value unless you really know what you are doing. |
Do not change this value unless you really know what you are doing. |
.It Li tcp.newreno |
|
If set to 1, enables the use of J. |
|
Hoe's NewReno congestion control algorithm. |
|
This algorithm improves the start-up behavior of TCP connections. |
|
.It Li tcp.recvspace |
.It Li tcp.recvspace |
The default TCP receive buffer size. |
The default TCP receive buffer size. |
.It Li tcp.rfc1323 |
.It Li tcp.rfc1323 |
|
|
TCP RST packet that exceeded the value are subject to rate limitation |
TCP RST packet that exceeded the value are subject to rate limitation |
and will not go out from the node. |
and will not go out from the node. |
Negative value disables rate limitation. |
Negative value disables rate limitation. |
|
.It Li tcp.ident |
|
Return the user ID of a connected socket pair. |
|
(RFC1413 Identification Protocol lookups.) |
|
.It Li tcp.drop |
|
Drop a TCP socket pair connection. |
.It Li tcp.sack.enable |
.It Li tcp.sack.enable |
If set to 1, enables RFC 2018 Selective ACKnowledgement. |
If set to 1, enables RFC 2018 Selective ACKnowledgement. |
.It Li tcp.sack.globalholes |
.It Li tcp.sack.globalholes |
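Review bot: The new tcp.drop entry is a single sentence for an operation that terminates a connection, and it does not say what privilege the caller needs or what structure identifies the socket pair; the table row added for it lists only "struct" and "no". Please state the required privilege and the argument layout (or name the header that defines it), and do the same for tcp.ident, which returns the user ID owning a connection. Separately, this hunk removes the tcp.newreno description; confirm that its row is removed from the protocol table as well, so the two stay in sync.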
Line 1265 Get or set various global information ab |
|
Line 1328 Get or set various global information ab |
|
The third level name is the protocol. |
The third level name is the protocol. |
The fourth level name is the variable name. |
The fourth level name is the variable name. |
The currently defined protocols and names are: |
The currently defined protocols and names are: |
.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent |
.Bl -column "Protocol name" "do_loopback_cksum" "integer" "Changeable" -offset indent |
.It Sy Protocol name Variable name Type Changeable |
.It Sy Protocol name Variable name Type Changeable |
.It icmp6 errppslimit integer yes |
.It icmp6 errppslimit integer yes |
.It icmp6 mtudisc_hiwat integer yes |
.It icmp6 mtudisc_hiwat integer yes |
Line 1288 The currently defined protocols and name |
|
Line 1351 The currently defined protocols and name |
|
.It ip6 defmcasthlim integer yes |
.It ip6 defmcasthlim integer yes |
.It ip6 forwarding integer yes |
.It ip6 forwarding integer yes |
.It ip6 gifhlim integer yes |
.It ip6 gifhlim integer yes |
|
.It ip6 hashsize integer yes |
.It ip6 hlim integer yes |
.It ip6 hlim integer yes |
.It ip6 hdrnestlimit integer yes |
.It ip6 hdrnestlimit integer yes |
.It ip6 kame_version string no |
.It ip6 kame_version string no |
Line 1356 tunnel interface. |
|
Line 1420 tunnel interface. |
|
.It Li ip6.hdrnestlimit |
.It Li ip6.hdrnestlimit |
The number of IPv6 extension headers permitted on incoming IPv6 packets. |
The number of IPv6 extension headers permitted on incoming IPv6 packets. |
If set to 0, the node will accept as many extension headers as possible. |
If set to 0, the node will accept as many extension headers as possible. |
|
.It Li ip6.hashsize |
|
The size of IPv6 Fast Forward hash table. |
|
This value must be a power of 2 (64, 256...). |
|
A larger hash table size results in fewer collisions. |
|
Also see |
|
.Li ip6.maxflows . |
.It Li ip6.hlim |
.It Li ip6.hlim |
The default hop limit value for an IPv6 unicast packet sourced by the node. |
The default hop limit value for an IPv6 unicast packet sourced by the node. |
This value applies to all the transport protocols on top of IPv6. |
This value applies to all the transport protocols on top of IPv6. |
Line 1524 For variables net.*.ipsec6, please refer |
|
Line 1594 For variables net.*.ipsec6, please refer |
|
Get or set various global information about the IPsec key management. |
Get or set various global information about the IPsec key management. |
The third level name is the variable name. |
The third level name is the variable name. |
The currently defined variable and names are: |
The currently defined variable and names are: |
.Bl -column "blockacq_lifetime" "integer" "yes" -offset indent |
.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent |
.It Sy Variable name Type Changeable |
.It Sy Variable name Type Changeable |
.It debug integer yes |
.It debug integer yes |
.It spi_try integer yes |
.It spi_try integer yes |
Line 1537 The currently defined variable and names |
|
Line 1607 The currently defined variable and names |
|
.It esp_auth integer yes |
.It esp_auth integer yes |
.It ah_keymin integer yes |
.It ah_keymin integer yes |
.El |
.El |
|
.Pp |
The variables are as follows: |
The variables are as follows: |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li debug |
.It Li debug |
Line 1587 When a set-user-ID or set-group-ID binar |
|
Line 1658 When a set-user-ID or set-group-ID binar |
|
value of PROC_PID_CORENAME is reset to the system default value. |
value of PROC_PID_CORENAME is reset to the system default value. |
The second level name is either the magic value PROC_CURPROC, which |
The second level name is either the magic value PROC_CURPROC, which |
points to the current process, or the PID of the target process. |
points to the current process, or the PID of the target process. |
.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" "yes" -offset indent |
.Bl -column "proc.pid.corename" "string" "not applicable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Type Changeable |
.It proc.pid.corename string yes |
.It proc.pid.corename string yes |
.It proc.pid.rlimit node not applicable |
.It proc.pid.rlimit node not applicable |
Line 1596 points to the current process, or the PI |
|
Line 1667 points to the current process, or the PI |
|
.It proc.pid.stopexit int yes |
.It proc.pid.stopexit int yes |
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.Pp |
|
.It Li proc.pid.corename ( PROC_PID_CORENAME ) |
.It Li proc.pid.corename ( PROC_PID_CORENAME ) |
The template used for the core dump file name (see |
The template used for the core dump file name (see |
.Xr core 5 |
.Xr core 5 |
|
|
The maximum number of simultaneous processes for this user id. |
The maximum number of simultaneous processes for this user id. |
.It Li proc.pid.rlimit.descriptors ( PROC_PID_LIMIT_NOFILE ) |
.It Li proc.pid.rlimit.descriptors ( PROC_PID_LIMIT_NOFILE ) |
The maximum number of open files for this process. |
The maximum number of open files for this process. |
.\" XXX proc.pid.rlimit.sbsize |
.It Li proc.pid.rlimit.sbsize ( PROC_PID_LIMIT_SBSIZE ) |
|
The maximum size (in bytes) of the socket buffers |
|
set by the |
|
.Xr setsockopt 2 |
|
.Dv SO_RCVBUF |
|
and |
|
.Dv SO_SNDBUF |
|
options. |
.El |
.El |
.Pp |
.Pp |
The fifth level name is one of |
The fifth level name is one of |
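Review bot: The proc.pid.rlimit.sbsize text that replaces the XXX comment does not say what the limit is scoped to. The neighbouring entries end with "for this user id" or "for this process"; add the equivalent here so the reader knows whether the socket buffer total is counted per process or per user. Removing the .Pp that sat between .Bl -tag and the first .It is the right cleanup.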
Line 1705 The string and integer information avail |
|
Line 1782 The string and integer information avail |
|
level is detailed below. |
level is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" -offset indent |
.Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
.It user.atexit_max integer no |
.It user.atexit_max integer no |
.It user.bc_base_max integer no |
.It user.bc_base_max integer no |
Line 1731 privilege may change the value. |
|
Line 1808 privilege may change the value. |
|
.It user.tzname_max integer no |
.It user.tzname_max integer no |
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.Pp |
|
.It Li user.atexit_max ( USER_ATEXIT_MAX ) |
.It Li user.atexit_max ( USER_ATEXIT_MAX ) |
The maximum number of functions that may be registered with |
The maximum number of functions that may be registered with |
.Xr atexit 3 . |
.Xr atexit 3 . |
Line 1794 The version of POSIX 1003.2 with which t |
|
Line 1870 The version of POSIX 1003.2 with which t |
|
.It Li user.re_dup_max ( USER_RE_DUP_MAX ) |
.It Li user.re_dup_max ( USER_RE_DUP_MAX ) |
The maximum number of repeated occurrences of a regular expression |
The maximum number of repeated occurrences of a regular expression |
permitted when using interval notation. |
permitted when using interval notation. |
.ne 1i |
|
.It Li user.stream_max ( USER_STREAM_MAX ) |
.It Li user.stream_max ( USER_STREAM_MAX ) |
The minimum maximum number of streams that a process may have open |
The minimum maximum number of streams that a process may have open |
at any one time. |
at any one time. |
Line 1808 The string and integer information avail |
|
Line 1883 The string and integer information avail |
|
level is detailed below. |
level is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "Second level nameXXXXXX" "struct uvmexp_sysctlXXX" -offset indent |
.Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
.It vm.anonmax int yes |
.It vm.anonmax int yes |
.It vm.anonmin int yes |
.It vm.anonmin int yes |
Line 1888 level is detailed below. |
|
Line 1963 level is detailed below. |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.\" XXX sort |
.\" XXX sort |
.Bl -column "ddb.fromconsoleXXX" "integerXXX" -offset indent |
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
.It ddb.radix integer yes |
.It ddb.radix integer yes |
.It ddb.maxoff integer yes |
.It ddb.maxoff integer yes |
Line 1908 Number of display lines. |
|
Line 1983 Number of display lines. |
|
.It Li ddb.tabstops ( DBCTL_TABSTOPS ) |
.It Li ddb.tabstops ( DBCTL_TABSTOPS ) |
Tab width. |
Tab width. |
.It Li ddb.onpanic ( DBCTL_ONPANIC ) |
.It Li ddb.onpanic ( DBCTL_ONPANIC ) |
If non-zero, DDB will be entered when the kernel panics. |
If non-zero, DDB will be entered if the kernel panics. |
.It Li ddb.fromconsole ( DBCTL_FROMCONSOLE ) |
.It Li ddb.fromconsole ( DBCTL_FROMCONSOLE ) |
If not zero, DDB may be entered by sending a break on a serial |
If not zero, DDB may be entered by sending a break on a serial |
console or by a special key sequence on a graphics console. |
console or by a special key sequence on a graphics console. |
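Review bot: In ddb.onpanic the reworded sentence now stacks two conditionals, "If non-zero, DDB will be entered if the kernel panics", which reads worse than the "when" it replaces. Suggest "If non-zero, DDB is entered on a kernel panic", and consider aligning "If non-zero" here with "If not zero" in ddb.fromconsole directly below.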
|
|
.It Li security.models |
.It Li security.models |
.Nx |
.Nx |
supports pluggable security models. |
supports pluggable security models. |
Every security model used, whether if loaded as an LKM or built with the system, |
Every security model used, whether if loaded as a module or built with the system, |
is required to add an entry to this node with at least one element, |
is required to add an entry to this node with at least one element, |
.Dq name , |
.Dq name , |
indicating the name of the security model. |
indicating the name of the security model. |
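Review bot: The security.models line that replaces "LKM" with "module" keeps the broken construction "whether if loaded as a module or built with the system". Since the line is being rewritten anyway, suggest "whether loaded as a module or built into the system".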
|
|
.Xr security 8 . |
.Xr security 8 . |
.Pp |
.Pp |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
|
.It Li security.pax.aslr.enable |
|
Enable PaX ASLR (Address Space Layout Randomization). |
|
.Pp |
|
The value of this |
|
knob must be non-zero for PaX ASLR to be enabled, even if a program is set to |
|
explicit enable. |
|
.It Li security.pax.aslr.global |
|
Specifies the default global policy for programs without an |
|
explicit enable/disable flag. |
|
.Pp |
|
When non-zero, all programs will get PaX ASLR, except those exempted with |
|
.Xr paxctl 8 . |
|
Otherwise, all programs will not get PaX ASLR, except those specifically |
|
marked as such with |
|
.Xr paxctl 8 . |
.It Li security.pax.mprotect.enable |
.It Li security.pax.mprotect.enable |
Enable PaX MPROTECT restrictions. |
Enable PaX MPROTECT restrictions. |
.Pp |
.Pp |
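Review bot: In the added security.pax.aslr.global text, "Otherwise, all programs will not get PaX ASLR, except those specifically marked as such" is ambiguous on a first read; suggest "Otherwise, no program gets PaX ASLR unless it is explicitly marked with paxctl(8)". In security.pax.aslr.enable, "even if a program is set to explicit enable" would read better as "even for programs with an explicit enable flag", and the entry should say outright that a zero value disables ASLR regardless of security.pax.aslr.global and per-program flags, since that is the first knob to check when auditing whether ASLR is in effect. Neither new entry states a type or whether it is changeable, which the tables earlier in the page give for other nodes.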